At sample above, the middleware will redirect every request to https if:

The current request comes with no secure protocol (http)

If your environment is equals to prod. So, just adjust the settings according to your preferences.

Cloudflare

I am using this code in production environment with a WildCard SSL and the code works correctly. If I remove && env('APP_ENV') === 'prod' and test it in localhost, the redirection also works. So, having or not a installed SSL is not the problem. Looks like you need to keep a very hard attention to your Cloudflare layer in order to get redirected to Https protocol.

Edit 23/03/2015

Thanks to @Adam Link‘s suggestion: it is likely caused by the headers that Cloudflare is passing. CloudFlare likely hits your server via HTTP and passes a X-Forwarded-Proto header that declares it is forwarding a HTTPS request. You need add another line in your Middleware that say…

$request->setTrustedProxies([$request->getClientIp()]);

…to trust the headers CloudFlare is sending. This will stop the redirect loop

Edit 27/09/2016 – Laravel v5.3

Just need to add the middleware class into web group in kernel.php file: